CDNs under the auspices of a non-GDPR government cannot offer any legally-binding assurances that they will comply with GDPR. Their government can legally compel them to lie about honoring the GDPR and secretly act otherwise. Since US courts and authorities are no longer bound by law to honor the GDPR, no service owned by, operated by, hosted within, or subsidiary to a United States entity can guarantee compliance with GDPR.
Any CDN that is owned/operated/subsidiary in full within countries that have legal GDPR protections in place, such as member states of the EU, would be fine to use — but that rules out Cloudflare, Akamai, etc.
Any CDN that is owned/operated/subsidiary in full within countries that have legal GDPR protections in place, such as member states of the EU, would be fine to use — but that rules out Cloudflare, Akamai, etc.
(I am not your lawyer, this is not legal advice.)